Conventional authentication methods and devices typically allow authentication of a user to a remote service. Typically, conventional authentication methods entail a remote service authenticating a user simply by requesting a password from the user.
Consequently, the user has no way to know whether he or she is really communicating with the desired or correct remote service. Thus, if a remote computer is able to mimic the behaviour of the remote service, the user may be spoofed or “phished” into thinking that he or she is communicating with the correct remote service. As a result, an unsuspecting user may divulge information that they would otherwise only divulge to a legitimate remote service, such as, for example, their user ID and password.
Accordingly, it is an object of the present invention to provide an authentication device and/or method that is suitable for at least authenticating a remote service to a user.
The discussion of the background to the invention herein is included to explain the context of the invention. This is not be taken as an admission that any of the material referred was published, known or part of the common general knowledge as at the priority date of this application.